In the latter half of the twentieth century, there began a phenomenon known as the information revolution. While the information revolution is a historical development broader in scope than any one event or machine, no single device has come to represent the information revolution more than the digital electronic computer. The development of computer systems has surely been a revolution. Each year, the declining prices and expanding capabilities of computers and other digital technology cause them to be used in new and varied applications, and to process and store more user data.
The reduced cost of computing and the general availability of digital devices has brought an explosion in the volume of information stored in such devices. With so much information stored in digital form, it is naturally desirable to obtain wide access from computer systems. As a result, most computer systems are linked to other computer systems via any of various networks. It is not uncommon for a single computer system to have multiple network attachments. For example, the computer may be linked to the Internet, and the same time that it is linked to several computers within a business entity or other organization by a local area network. Additionally, a mainframe type computer may be linked to multiple workstations, any of which may additionally have links to external systems. Information is thus made available to many systems and locations remote from the actual system in which the information is stored and maintained.
Although it is obviously desirable in many cases to make information from one system available remotely to other systems, to do so creates numerous potential security exposures. The potential exposure increases as systems become more remote, i.e., as the number of intermediate connections from one system to another increase. For example, in the case of the Internet, information requested by a client from a server may pass through numerous intermediary systems during transmission. In such an anonymous world, it becomes difficult to verify the identities or authorities of participants, the ultimate destination of information, and whether other parties are snooping. A security exposure at any part of the path potentially exposes the information.
The problem of protecting digital information from corruption by or exposure to unauthorized parties can be likened to an arms race. In this arms race, new technological developments which expand the capabilities of digital data systems also create potential new security exposures. These exposures are often little appreciated or understood by the developers of new technology, but left unattended will eventually be exploited by clever and unscrupulous interlopers. Those who develop countermeasures to protect system integrity are constantly striving to keep up with the potential exposures and the ingenuity of the interlopers. In some cases, countermeasures themselves involve extraordinary technological complexity and consequent development effort. However, in many others, the countermeasure is itself technologically simple, and the difficulty in developing it lies in first appreciating the nature of the security exposure.
Security exposures and their countermeasures can be classified broadly in two categories: data security and physical security. In general, data security involves the use of data as a tool by the interloper to perform some unauthorized act, while physical security involves a physical access, sometimes using a special purpose eavesdropping device. E.g., an interloper who uses conventional hardware such as a remote computer terminal attached to a network or to a larger system to enter data in such a manner as to enable him to perform an unauthorized act has breached data security. An interloper who gains unauthorized physical access to the system, by obtaining access to a secure area or by opening a physical lock on a system component, has breached physical security.
While a great deal of effort has been put into the development of improved data security techniques, these can be rendered useless by simple breaches in physical security. For example, a system may have every sophistication to prevent a data security breach from a remote terminal, and yet if a person can simply walk into the building and room where the main system is located and access information from a system console, from storage media, or otherwise, system security is seriously impaired. All too often, attention is focused on the data security aspect to the neglect of simple physical security.
One form of physical security exposure is created when using any of various remote workstation control software applications. These applications allow a user to take control of a workstation, such as a personal computer, from a remote location. Such applications are useful for debugging workstation or network problems, for downloading and setting up applications on the workstation, and for simply accessing data and performing work using the workstation from a remote location, where the remote location may be an alternate workplace of the user, a mobile computing device, or a temporary work location. When using such an application, the workstation is not necessarily attended, and may be located in an unsecure area. In these circumstances, any unauthorized person could simply watch the user's activity on the workstation display monitor. It is even possible that someone might attach a snooping or recording device to the monitor output port of the workstation. Some remote workstation control applications attempt to blank the display screen of the workstation, but these are not necessarily effective for all workstation configurations; other such applications do not even attempt to blank the screen.
A need exists for improved techniques and devices which prevent exposure of data in an unattended workstation operating under control of a remote workstation control application. Furthermore, a more general need exists for improved techniques and devices for enhancing physical security of data transmitted on I/O ports and cables of unattended systems.